3.7M FlexBooker Records Dumped on Hacker Forum

A threat group that identifies itself as Uawrongteam is dumping data stolen from FlexBooker – a popular online appointment scheduling tool for booking services ranging from counseling to haircuts – on a cybercriminal forum.

The data from FlexBooker is being offered up by Uawrongteam, along with other databases stolen on the same day, Dec. 23, from Racing.com and Redbourne Group’s rediCASE case management software, BleepingComputer reported.

FlexBooker sent a notification to its users, explaining that its Amazon AWS servers were compromised by what the company was able to identify as a distributed denial-of-service (DDoS) attack. FlexBooker customers include the brands GoDaddy, Chipotle, Bausch + Lomb and Krewe.

I got this email too and I wonder 🤔 @amazon pic.twitter.com/wr6XSLL6MX

— Mooniter (@mooniter) January 6, 2022

“After working further with Amazon to understand what happened, we learned a certain set of data, including personal information of some customers, was accessed and downloaded,” the company said.

More than 3.7M FlexBook Records Up For Grabs

According to Have I Been Pwned, the FlexBooker breach compromised 3.7 million accounts with information including email addresses, names, phone numbers and, for some, partial credit card data.

New breach: Online booking service FlexBooker had 3.7M accounts breached last month. Data included email addresses, names, phone numbers and for some accounts, partial credit card data. 69% were already in @haveibeenpwned https://t.co/LGaAnj1hUA

— Have I Been Pwned (@haveibeenpwned) January 6, 2022

Uawrongteam claimed that its stolen database contains 10 million lines, including payment details.

FlexBooker said in its disclosure that it considers the matter resolved and is “… still monitoring for any lingering issues.”

But the attack might not be over, warned Nasser Fattah with Shared Assessments.

“We know that there are financial losses associated with system outages, hence, why security teams have all eyes on glass, so to speak, when there is a DDoS attack,” Fattah explained to Threatpost on Friday. “And when this happens, it is important to be prepared for the possibility of a multifaceted attack and be very diligent with monitoring other anomalies happening on the network.”

Image courtesy of Pixabay. Licensing details.

Password Reset: On-Demand Event: Fortify 2022 with a password-security strategy built for today’s threats. This Threatpost Security Roundtable, built for infosec professionals, centers on enterprise credential management, the new password basics and mitigating post-credential breaches. Join Darren James, with Specops Software and Roger Grimes, defense evangelist at KnowBe4 and Threatpost host Becky Bracken. Register & stream this FREE session today – sponsored by Specops Software.